Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 31-08-2013 04 Ran by Profilaktyka (administrator) on BIURO on 04-09-2013 18:44:06 Running from C:\Documents and Settings\Profilaktyka\Pulpit\diagnoza Microsoft Windows XP Professional Dodatek Service Pack 3 (X86) OS Language: Polish Internet Explorer Version 8 Boot Mode: Normal ==================== Processes (Whitelisted) =================== () C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe (SugarSync, Inc.) C:\Program Files\SugarSync\SugarSyncManager.exe (Creative Technology Ltd.) C:\WINDOWS\system32\devldr32.exe (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [CDAServer] - C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe [332288 2010-12-17] () Winlogon\Notify\WgaLogon: WgaLogon.dll [X] HKLM\...\Policies\Explorer\Run: [11686] - C:\DOCUME~1\ALLUSE~1\LOCALS~1\Temp\cctrabxqk.pif [115512 2012-06-02] ( (House)) HKLM\...\Policies\Explorer: [HonorAutoRunSetting] 1 HKCU\...\Run: [SugarSync] - C:\Program Files\SugarSync\SugarSyncManager.exe [16007168 2011-06-01] (SugarSync, Inc.) ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.pl/ HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC Toolbar: HKCU -&Adres - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\Windows\system32\browseui.dll (Microsoft Corporation) Toolbar: HKCU -&Łącza - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\Windows\system32\SHELL32.dll (Microsoft Corporation) DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation) Tcpip\Parameters: [DhcpNameServer] 10.4.38.126 FireFox: ======== FF ProfilePath: C:\Documents and Settings\Profilaktyka\Dane aplikacji\Mozilla\Firefox\Profiles\yc3447gn.default FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird ========================== Services (Whitelisted) ================= S4 HidServ; %SystemRoot%\System32\hidserv.dll [x] ==================== Drivers (Whitelisted) ==================== S3 BCM43XX; C:\Windows\System32\DRIVERS\bcmwl5.sys [371712 2009-06-30] (Broadcom Corporation) R3 ctljystk; C:\Windows\System32\DRIVERS\ctljystk.sys [3712 2001-08-17] (Creative Technology Ltd.) R3 emu10k; C:\Windows\System32\drivers\emu10k1m.sys [283904 2001-08-17] (Creative Technology Ltd.) R3 emu10k1; C:\Windows\System32\drivers\ctlfacem.sys [6912 2001-08-17] (Creative Technology Ltd.) S3 HPZid412; C:\Windows\System32\DRIVERS\HPZid412.sys [51088 2004-06-22] (HP) S3 HPZipr12; C:\Windows\System32\DRIVERS\HPZipr12.sys [16496 2004-06-22] (HP) S3 HPZius12; C:\Windows\System32\DRIVERS\HPZius12.sys [21744 2004-06-22] (HP) R1 P3; C:\Windows\System32\DRIVERS\p3.sys [46848 2008-04-14] (Microsoft Corporation) R3 rtl8139; C:\Windows\System32\DRIVERS\RTL8139.SYS [20992 2004-08-04] (Realtek Semiconductor Corporation) R3 sfman; C:\Windows\System32\drivers\sfmanm.sys [36480 2001-08-17] (Creative Technology Ltd.) R2 SSPORT; C:\WINDOWS\system32\Drivers\SSPORT.sys [5120 2011-03-14] (Samsung Electronics) S4 IntelIde; No ImagePath U5 ScsiPort; C:\Windows\system32\drivers\scsiport.sys [96384 2008-04-14] (Microsoft Corporation) ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-09-04 18:43 - 2013-09-04 18:43 - 00000000 _____ C:\Documents and Settings\Profilaktyka\defogger_reenable 2013-09-04 18:41 - 2013-09-04 18:43 - 00000000 ____D C:\Documents and Settings\Profilaktyka\Pulpit\diagnoza 2013-09-04 18:33 - 2001-10-26 16:57 - 00012160 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\mouhid.sys 2013-09-04 18:33 - 2001-10-26 16:57 - 00012160 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mouhid.sys 2013-09-04 18:32 - 2008-04-14 00:15 - 00010368 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\hidusb.sys 2013-09-04 18:32 - 2008-04-14 00:15 - 00010368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidusb.sys 2013-09-03 12:07 - 2013-09-03 12:07 - 00000610 _____ C:\Documents and Settings\Profilaktyka\Pulpit\RESMAN E. Nosal.lnk 2013-08-28 14:29 - 2013-08-28 14:31 - 00000000 ____D C:\Program Files\SamsungPrinterLiveUpdate 2013-08-28 14:29 - 2013-08-28 14:29 - 00000000 ____D C:\Program Files\Common Files\Common Desktop Agent 2013-08-28 14:29 - 2013-08-28 14:29 - 00000000 ____D C:\Documents and Settings\Profilaktyka\Dane aplikacji\Samsung 2013-08-28 14:28 - 2013-08-28 14:28 - 00000000 __SHD C:\Documents and Settings\LocalService\IETldCache 2013-08-28 14:28 - 2012-05-20 08:42 - 01525624 ____N (Samsung) C:\WINDOWS\TotalUninstaller.exe 2013-08-28 14:28 - 2011-04-25 13:25 - 00024064 _____ () C:\WINDOWS\system32\ssj1mlm.dll 2013-08-28 14:28 - 2011-02-09 12:19 - 00000361 _____ C:\WINDOWS\system32\ssj1mlm.smt 2013-08-28 14:27 - 2013-08-28 14:28 - 00000000 ____D C:\Program Files\Samsung 2013-08-28 14:27 - 2012-03-22 10:44 - 00158425 ____N C:\WINDOWS\ssj1mLTR.prn 2013-08-28 14:27 - 2012-03-22 10:43 - 00147249 ____N C:\WINDOWS\ssj1mA4.prn 2013-08-28 14:27 - 2011-02-09 12:18 - 00151552 _____ (SS) C:\WINDOWS\system32\ssj1mci.exe 2013-08-28 14:27 - 2011-02-09 12:18 - 00065536 _____ (SS) C:\WINDOWS\system32\ssj1mci.dll 2013-08-28 14:27 - 2009-04-12 01:54 - 01724416 ____N (Microsoft Corporation) C:\WINDOWS\gdiplus.dll 2013-08-20 10:46 - 2013-08-20 10:46 - 00000000 ___RD C:\Documents and Settings\Profilaktyka\Moje dokumenty\Moje obrazy 2013-08-05 13:04 - 2013-09-04 11:59 - 00000000 ____D C:\Documents and Settings\Profilaktyka\Moje dokumenty\druki i formularze ==================== One Month Modified Files and Folders ======= 2013-09-04 18:43 - 2013-09-04 18:43 - 00000000 ____D C:\FRST 2013-09-04 18:43 - 2013-09-04 18:43 - 00000000 _____ C:\Documents and Settings\Profilaktyka\defogger_reenable 2013-09-04 18:43 - 2013-09-04 18:41 - 00000000 ____D C:\Documents and Settings\Profilaktyka\Pulpit\diagnoza 2013-09-04 18:43 - 2009-06-30 15:49 - 00000000 ____D C:\Documents and Settings\Profilaktyka 2013-09-04 18:42 - 2009-06-30 15:49 - 00000000 ____D C:\Documents and Settings\Profilaktyka\Pulpit 2013-09-04 18:40 - 2009-06-30 17:12 - 00479682 _____ C:\WINDOWS\setupapi.log 2013-09-04 18:37 - 2011-04-20 10:58 - 00000476 ____H C:\WINDOWS\Tasks\User_Feed_Synchronization-{E954D2B5-82F7-44E9-A8FA-E629B5692DC0}.job 2013-09-04 18:33 - 2009-06-30 17:11 - 00179086 _____ C:\WINDOWS\setupact.log 2013-09-04 18:33 - 2009-06-30 15:29 - 01974390 _____ C:\WINDOWS\WindowsUpdate.log 2013-09-04 18:32 - 2009-06-30 17:16 - 00000159 _____ C:\WINDOWS\wiadebug.log 2013-09-04 18:32 - 2009-06-30 17:16 - 00000050 _____ C:\WINDOWS\wiaservc.log 2013-09-04 18:32 - 2009-06-30 15:39 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT 2013-09-04 17:49 - 2009-06-30 15:49 - 00000188 ___SH C:\Documents and Settings\Profilaktyka\ntuser.ini 2013-09-04 17:49 - 2009-06-30 15:39 - 00032394 _____ C:\WINDOWS\SchedLgU.Txt 2013-09-04 17:44 - 2013-08-02 11:11 - 00000000 ___RD C:\Documents and Settings\Profilaktyka\Moje dokumenty 2013-09-04 17:27 - 2013-08-02 13:39 - 00000000 ____D C:\Documents and Settings\Profilaktyka\Moje dokumenty\Programy szkoleń 2013-09-04 11:59 - 2013-08-05 13:04 - 00000000 ____D C:\Documents and Settings\Profilaktyka\Moje dokumenty\druki i formularze 2013-09-04 11:48 - 2013-08-02 14:21 - 00000000 ____D C:\Documents and Settings\Profilaktyka\Moje dokumenty\Ryzyka zawodowe 2013-09-04 11:44 - 2001-07-22 03:17 - 00002206 _____ C:\WINDOWS\system32\wpa.dbl 2013-09-03 12:07 - 2013-09-03 12:07 - 00000610 _____ C:\Documents and Settings\Profilaktyka\Pulpit\RESMAN E. Nosal.lnk 2013-09-03 12:06 - 2009-07-02 11:31 - 00002525 _____ C:\Documents and Settings\Profilaktyka\Pulpit\Microsoft Word.lnk 2013-09-02 12:41 - 2013-08-02 14:19 - 00000000 ____D C:\Documents and Settings\Profilaktyka\Moje dokumenty\KARTY SZKOLENIA 2013-08-28 15:55 - 2013-08-02 14:24 - 00000000 ____D C:\Documents and Settings\Profilaktyka\Moje dokumenty\Dokumenty archiwum 2013-08-28 14:31 - 2013-08-28 14:29 - 00000000 ____D C:\Program Files\SamsungPrinterLiveUpdate 2013-08-28 14:29 - 2013-08-28 14:29 - 00000000 ____D C:\Program Files\Common Files\Common Desktop Agent 2013-08-28 14:29 - 2013-08-28 14:29 - 00000000 ____D C:\Documents and Settings\Profilaktyka\Dane aplikacji\Samsung 2013-08-28 14:29 - 2009-06-30 17:13 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared 2013-08-28 14:29 - 2009-06-30 15:49 - 00000000 __RHD C:\Documents and Settings\Profilaktyka\Dane aplikacji 2013-08-28 14:28 - 2013-08-28 14:28 - 00000000 __SHD C:\Documents and Settings\LocalService\IETldCache 2013-08-28 14:28 - 2013-08-28 14:27 - 00000000 ____D C:\Program Files\Samsung 2013-08-28 14:28 - 2009-06-30 17:12 - 00000000 __RHD C:\Documents and Settings\All Users\Dane aplikacji 2013-08-22 11:08 - 2013-08-02 14:30 - 00000000 ____D C:\Documents and Settings\Profilaktyka\Moje dokumenty\Dokumenty, pozostałe 2013-08-20 13:23 - 2013-08-02 13:33 - 00000000 ____D C:\Documents and Settings\Profilaktyka\Moje dokumenty\Firmy 2013-08-20 13:18 - 2013-08-02 14:14 - 00000000 ____D C:\Documents and Settings\Profilaktyka\Moje dokumenty\Instrukcje i Karty charakterystyk 2013-08-20 10:46 - 2013-08-20 10:46 - 00000000 ___RD C:\Documents and Settings\Profilaktyka\Moje dokumenty\Moje obrazy Files to move or delete: ==================== C:\DOCUME~1\PROFIL~1\USTAWI~1\Temp\hpzmsi01.exe C:\DOCUME~1\PROFIL~1\USTAWI~1\Temp\hpzscr01.exe C:\DOCUME~1\PROFIL~1\USTAWI~1\Temp\{94C370FD-8475-469D-8BA9-30D3BEF89AED}-22.0.1229.96_chrome_installer.exe C:\DOCUME~1\PROFIL~1\USTAWI~1\Temp\SSM29\SugarSyncSetup.exe C:\DOCUME~1\PROFIL~1\USTAWI~1\Temp\fox9E.tmp\Foxit Reader Setup.exe C:\DOCUME~1\PROFIL~1\USTAWI~1\Temp\fox9E.tmp\Foxit Reader.exe C:\DOCUME~1\PROFIL~1\USTAWI~1\Temp\fox9E.tmp\Uninstall.exe ==================== Bamital & volsnap Check ================= C:\Windows\explorer.exe [2004-08-04 01:44] - [2008-04-14 23:51] - 1035264 ____A (Microsoft Corporation) c791ed9eac5e76d9525e157b1d7a599a C:\Windows\System32\winlogon.exe [2004-08-04 01:44] - [2008-04-14 23:51] - 0510464 ____A (Microsoft Corporation) 51fd2e13d723857b9ca239ae77150f48 C:\Windows\System32\svchost.exe [2004-08-04 01:44] - [2008-04-14 23:51] - 0014336 ____A (Microsoft Corporation) 8607d35d92528e2df386f19a960d23ce C:\Windows\System32\services.exe [2004-08-04 01:44] - [2009-02-09 13:25] - 0111104 ____A (Microsoft Corporation) 02a467e27af55f7064c5b251e587315f C:\Windows\System32\User32.dll [2004-08-04 01:44] - [2008-04-14 23:50] - 0580096 ____A (Microsoft Corporation) a435c5c069afd901751ac323ad238793 C:\Windows\System32\userinit.exe [2004-08-04 01:44] - [2008-04-14 23:51] - 0026624 ____A (Microsoft Corporation) 2a5b37d520508be6570a3ea79695f5b5 C:\Windows\System32\Drivers\volsnap.sys [2004-08-04 01:36] - [2008-04-14 22:31] - 0052864 ____A (Microsoft Corporation) 56b191ac5fc0df219949c95a6c87afe7 ==================== End Of Log ============================